[pve-devel] [PATCH] spiceproxy : allow only spice port range

Dietmar Maurer dietmar at proxmox.com
Mon Jul 22 13:11:10 CEST 2013


> About password, I wonder if we could not retrieve the current ticket from
> spice server, and copy it to the target vm.
> 
> Libvirt seem to simply store the current password in the vm config xml :/
> 
> <graphics type='spice' port='5900' autoport='no' passwd='secret'
> passwdValidTo='2013-05-31T16:11:22' connected='disconnect'/>
> 

IMHO storing secrets is a bad thing. We want to increase security by using a short expiration time.


More information about the pve-devel mailing list